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AMENDMENTS TO THE CLAIMS: 

This listing of the claims will replace all prior versions, and listings, of the claims in this 
application. 

Listing of Claims: 

1 . (Currently Amended) A method for authorizing a n e twork d e vice , comprising: 

performing an automated security scan of a second netvs^ork device by a first netw^ork 
device to determine a capability of the second network device; 

determining an attribute based, in part, on a the determined capability of th e n e twork 

devic e; 

generating an attribute certificate based^ in part^ on the attribute; 
storing the attribute certificate including the attribute; and , 

responsive to a verified authentication request determining if that the attribute certificate 
is valid^ and authorizing access to a resoxirce over a network based, in part, on the attribute 
associated with the attribute certificate. 

2. (Canceled). 

3. (Original) The method of claim 1 , wherein the attribute is further determined based, in part, on 
a condition to be satisfied. 

4. (Original) The method of claim 1, wherein the attribute is fiuther associated with a group of 
network devices. 

5. (Original) The method of claim 1, wherein the attribute is fiirther associated with a group of 
users. 

6. (Currently Amended) The method of claim 1 , wherein the attribute certificate is generated by 
at least one of the first network device, an access server, and an attribute authority. 
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7. (Currently Amended) The method of claim 1, wherein the attribute certificate is stored in at 
least one of the second network device, and an attribute repository. 

8. (Original) The method of claim 7, wherein the attribute certificate is provided to an access 
server through the use of at least one of a cookie, a program, and a manual upload. 

9. (Currently Amended) An apparatus A n e twork d e vice for managing authorization to a r e source 
over a network , comprising: 

a first compon e nt an interface configured to perform an automated security scan of a 
network device to determine a capability of the network device: 

a processor configured to determine an attribute based, in part on the determined 
capability: 

the processor fiirther configured to generate an attribute certificate , wh e r e in the attribute 
cortificato is based, in part, on a the attribute capability^ of another n e twork devic e; 

a s e cond component, coupled to the first compon e nt, memory configured to store the 
attribute certificate including the attribute : and 

a third component, coupl e d to th e s e cond compon e nt, responsive to a verified 
authentication request, the processor further configured to determine that the attribute certificate 
is valid and to authorize th e other n e twork d e vice to the access to a resource over the a network 
based, in part, on the attribute of the other n e twork device associated with the attribute certificate. 

1 0. (Currently Amended) The network d e vic e apparatus of claim 9, wherein the first compon e nt 
processor is further configured to generate the attribute certificate based on a condition to be 
satisfied. 

11. (Canceled). 

12. (Currently Amended) The n e twork devic e a pparatus of claim 1 1 claim 9, wherein the fifst 
compon e nt processor is further configured to generate the attribute certificate based on the 
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automated security scan of the oth e r network device. 

13. (Currently Amended) The network d e vic e apparatus of claim 9, wherein the s e cond 
component interface is further configured to send the attribute certificate to the oth e r network 
device to be stored , and th e third compon e nt it furth e r configur e d to receiv e th e attribute 
certificat e. 

14. (Currently Amended) A n e twork device for managing authorization to a resource over a 

network, comprising: 

means to perform an automated security scan of a network device to determine a 
capability of the network device: 

means for determining an attribute based, in part, on the determined capability of the 
network device: 

a means for generating an attribute certificate, wherein the attribute certificate is based in 
part on a the attribute capability of another n e twork d e vice ; 
a means for storing the attribute certificate; and 

a means responsive to a verified authentication request for authorizing th e other n e twork 
d e vic e to the r e sourc e ov e r th e n e twork bas e d, in part, on th e attribute of the other n e tv/ork 
d e vice associat e d with determining that the attribute certificate is valid and authorizing access to 
a resource over the network based, in part, on the attribute associated wdth the attribute 
certificate . 

15. (New) The device of claim 14, where the means to perform an automated scan comprises an 
interface; and the means for determining, generating, storing, and means responsive comprises a 
central processing unit coupled to the interface and further coupled to a memory. 

16. (New) A computer readable medium encoded with a computer program executable by a 
processor to perform actions comprising: 

performing an automated security scan of a network device to determine a capability of 
the network device; 
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determining an attribute based, in part, on the determined capability; 
generating an attribute certificate based in part on the attribute; 
storing the attribute certificate including the attribute; and 

responsive to a verified authentication request, determining that the attribute certificate is 
valid and authorizing access to a resource over a network based, in part, on the attribute 
associated with the attribute certificate. 
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